1. Technical Field
The present invention includes an authentication system, which is resilient against leakage of information related to authentication, and a remotely-distributed storage system using the authentication system for secure data storage.
The present application claims the priority of Patent Application No. 2003-367527 filed on Oct. 28, 2003, the contents of which are incorporated herein by reference.
2. Description of the Related Art
One well-known authentication method between a user terminal and a server uses a user ID and a password that is known only by the user. To authenticate each other in such methods, the user enters his/her ID and password into the terminal, and if they match the information stored in the server, the user is authenticated as a legitimate user.
However, if this information is sent in the clear over the communication path between the terminal and the server, an attacker who obtains the information (ID and password) illegally or by eavesdropping on the channel can easily impersonate the user or commit other wrongdoing. Therefore, encryption techniques such as SSL (Document 1), TLS (Document 2), and SSH (Document 3) are usually used for sending and receiving this information. For authentication, these techniques make use of a combination of passwords, secret values, and public values.
(Document 1) A. Frier, P. Karlton, and P. Kocher. The SSL 3.0 Protocol. Netscape Communication Corp., 1996, http://wp.netscape.com/eng/ssl3/
(Document 2) IETF (Internet Engineering Task Force). Transport Layer Security (tls) Charter. http://www.ietf.org/html.charters/tls-charter.html
(Document 3) IETF (Internet Engineering Task Force). Secure Shell (secsh) Charter. http://www.ietf.org/html.charters/secsh-charter.html
However, a problem with the techniques of the above non-patent Documents 1 to 3 is that the password can be obtained through off-line dictionary attacks when password-encoded (or password-related) information is leaked from a user terminal or password verification data is leaked from a server. Against on-line dictionary attacks (e.g., repeated inputs of password candidates for the correct one by impersonating a user or a server), a server can adopt a security policy of denying access after a specified number of wrong password inputs. Compared to on-line attacks, off-line dictionary attacks are much more powerful in that there is no available precaution and an attacker can find the correct password without interaction with a user or a server. In addition, if a password is leaked, the data stored in the system to which the user can log in using that password can be exposed as well.
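The contrast drawn above, as an added example that is not part of the patent text: a server-side lockout policy bounds on-line guessing, but it is never consulted once password verification data has leaked. The verifier format (salted PBKDF2), the threshold of 3, the word list, and all names are assumptions made for illustration.

```python
import hashlib, hmac, os

MAX_FAILURES = 3  # assumed lockout threshold (the text names no number)

def make_verifier(password, salt):
    # Assumed format of the server's password verification data.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

class Server:
    def __init__(self):
        self.records = {}   # user ID -> (salt, verifier)
        self.failures = {}  # user ID -> consecutive wrong inputs

    def register(self, user, password):
        salt = os.urandom(16)
        self.records[user] = (salt, make_verifier(password, salt))
        self.failures[user] = 0

    def login(self, user, password):
        if self.failures[user] >= MAX_FAILURES:
            return "locked"  # policy: deny access after too many wrong inputs
        salt, verifier = self.records[user]
        if hmac.compare_digest(make_verifier(password, salt), verifier):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        return "denied"

def online_guesses(server, user, candidates):
    """Return (guesses the server evaluated, password found or None)."""
    for n, cand in enumerate(candidates):
        result = server.login(user, cand)
        if result == "locked":
            return n, None
        if result == "ok":
            return n + 1, cand
    return len(candidates), None

def offline_guesses(salt, verifier, candidates):
    """Same candidates tested against a leaked record; the server never sees them."""
    for n, cand in enumerate(candidates, 1):
        if hmac.compare_digest(make_verifier(cand, salt), verifier):
            return n, cand
    return len(candidates), None

def demo():
    words = ["123456", "password", "letmein", "qwerty", "sunshine7"]  # constructed
    server = Server()
    server.register("alice", "sunshine7")
    online = online_guesses(server, "alice", words)
    leaked = server.records["alice"]  # models leaked verification data
    offline = offline_guesses(*leaked, words)
    return online, offline, server.failures["alice"]
```

The failure counter stays at the value the on-line attempts left it at, which is why the lockout policy offers no protection once the verification data is outside the server.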